- 14 Dec, 2019 2 commits
  - Committed by GitLab Release Tools Bot
  - Committed by GitLab Release Tools Bot
    [ci skip]
- 13 Dec, 2019 7 commits
  - Committed by John Skarbek
    Install lsb-release for repo URL construction
    See merge request gitlab/gitlabhq!3592
  - Committed by Kyle Wiebers
  - Committed by John T Skarbek
  - Committed by John T Skarbek
    This reverts commit e29a2ba5.
  - Committed by John T Skarbek
    This reverts commit dda1b34c.
  - Committed by GitLab Release Tools Bot
  - Committed by GitLab Release Tools Bot
    [ci skip]
- 12 Dec, 2019 5 commits
  - Committed by John T Skarbek
  - Committed by John T Skarbek
    This reverts commit 426287d2.
  - Committed by John T Skarbek
    This reverts commit fb3833cd.
  - Committed by GitLab Release Tools Bot
  - Committed by GitLab Release Tools Bot
    [ci skip]
- 11 Dec, 2019 1 commit
  - Committed by John Skarbek
    Backport reliable fetcher to 12.2
    See merge request gitlab/gitlabhq!3585
- 09 Dec, 2019 2 commits
  - Committed by Valery Sizov
- 30 Oct, 2019 1 commit
  - Committed by GitLab Release Tools Bot
- 28 Oct, 2019 2 commits
  - Committed by GitLab Release Tools Bot
  - Committed by GitLab Release Tools Bot
    [ci skip]
- 25 Oct, 2019 18 commits
  - Committed by GitLab Release Tools Bot
    Return 404 on LFS request if project doesn't exist
    See merge request gitlab/gitlabhq!3508
  - Committed by Igor Drozdov
  - Committed by GitLab Release Tools Bot
    Only assign merge params when allowed
    See merge request gitlab/gitlabhq!3460
  - Committed by GitLab Release Tools Bot
    Nested GraphQL query with circular relationship can cause Denial of Service
    See merge request gitlab/gitlabhq!3385
  - Committed by GitLab Release Tools Bot
    Improper access control allows the attacker to comment in internal commit after they are no longer admin
    See merge request gitlab/gitlabhq!3392
  - Committed by Charlie Ablett
    Improper access control allows the attacker to comment in internal commit after they are no longer admin
  - Committed by GitLab Release Tools Bot
    Merge branch 'security-2914-labels-visible-despite-no-access-to-issues-repositories-12-2' into '12-2-stable'
    Labels visible despite no access to issues & repositories
    See merge request gitlab/gitlabhq!3431
  - Committed by GitLab Release Tools Bot
    Project path reveals labels from Private project if the issue is moved to public project
    See merge request gitlab/gitlabhq!3445
  - Committed by GitLab Release Tools Bot
    Merge branch 'security-ag-hide-private-members-in-project-member-autocomplete-12-2' into '12-2-stable'
    Hide private members in project member autocomplete
    See merge request gitlab/gitlabhq!3448
  - Committed by GitLab Release Tools Bot
    Private/internal repository enumeration via bruteforce on a vulnerable URL
    See merge request gitlab/gitlabhq!3456
  - Committed by GitLab Release Tools Bot
    Mask sentry auth token
    See merge request gitlab/gitlabhq!3464
  - Committed by GitLab Release Tools Bot
    Sanitize search text to prevent XSS
    See merge request gitlab/gitlabhq!3470
  - Committed by GitLab Release Tools Bot
    Require Maintainer permission on group where project is transferred to
    See merge request gitlab/gitlabhq!3473
  - Committed by GitLab Release Tools Bot
    Use the '\A' and '\z' regex anchors in `InternalRedirect` to mitigate an Open Redirect issue.
    See merge request gitlab/gitlabhq!3476
  - Committed by GitLab Release Tools Bot
    Pass all wiki markup formats through our Banzai pipeline filters
    See merge request gitlab/gitlabhq!3479
  - Committed by GitLab Release Tools Bot
    Handle Stored XSS for Grafana URL in settings
    See merge request gitlab/gitlabhq!3481
  - Committed by David Wilkins
    - Extend Gitlab::UrlBlocker to allow relative urls (require_absolute setting). The new `require_absolute` setting defaults to true, which is the existing behavior.
    - Extend AddressableUrlValidator to accept `require_absolute` and default to the existing behavior
    - Add validation for ApplicationSetting#grafana_url to validate that the URL does not contain XSS but can be a valid relative or absolute url.
    - In the case of existing stored URLs, validate the stored URL does not contain XSS. If the stored URL contains stored XSS or is an otherwise invalid URL, return the default database column value.
    - Add tests for Gitlab::UrlBlocker to test require_absolute setting
    - Add tests for AddressableUrlValidator
    - Add tests for ApplicationSetting#grafana_url
  - Committed by GitLab Release Tools Bot
    Filter out search results based on permissions to avoid bugs leaking data
    See merge request gitlab/gitlabhq!3494
- 24 Oct, 2019 1 commit
  - Committed by Bob Van Landuyt
    When a user updates a merge request coming from a fork, they should not be able to set `force_remove_source_branch` if they cannot push code to the source project. Otherwise developers of the target project could remove the source branch of the source project by setting this flag through the API.
- 23 Oct, 2019 1 commit
  - Committed by charlieablett